--- a/trb ceeabdd87dc5b231d0eea4498e8ba2b108768e76f7e97459ca5c83573d205fae194629787c701ecd59a7b4c72771820c79c7aedea1875f77b9ac50174f1c0c92 +++ b/trb a4693edfa6cc6230ba2d4268368bb648cebb654b1f9e3482a3a49721fb177cebaef56e195dad27a8afc24faee37c964ce5e6ae38ed479155ad908357a549b1de @@ -3384,7 +3384,7 @@ BOOST_AUTO_TEST_SUITE_END() ############################################################################## -2211 @ ./bitcoin/src/makefile.linux-mingw +2201 @ ./bitcoin/src/makefile.linux-mingw ############################################################################## # Copyright (c) 2009-2010 Satoshi Nakamoto # Distributed under the MIT/X11 software license, see the accompanying @@ -3412,7 +3412,7 @@ -l ssl \ -l crypto -DEFS=-D_MT -DWIN32 -D_WINDOWS -DNOPCH -DUSE_SSL -DBOOST_THREAD_USE_LIB +DEFS=-D_MT -DWIN32 -D_WINDOWS -DNOPCH -DBOOST_THREAD_USE_LIB DEBUGFLAGS=-g CFLAGS=-O2 -w -Wno-invalid-offsetof -Wformat $(DEBUGFLAGS) $(DEFS) $(INCLUDEPATHS) HEADERS = \ @@ -7136,7 +7136,7 @@ #endif // __INCLUDED_PROTOCOL_H__ ############################################################################## -87209 @ ./bitcoin/src/bitcoinrpc.cpp +83028 @ ./bitcoin/src/bitcoinrpc.cpp ############################################################################## // Copyright (c) 2010 Satoshi Nakamoto // Copyright (c) 2009-2012 The Bitcoin developers @@ -7152,12 +7152,6 @@ #include #include #include -#ifdef USE_SSL -#include -#include -#include -typedef boost::asio::ssl::stream SSLStream; -#endif #include "json/json_spirit_reader_template.h" #include "json/json_spirit_writer_template.h" #include "json/json_spirit_utils.h" 
@@ -9218,60 +9212,6 @@ return false; } -#ifdef USE_SSL -// -// IOStream device that speaks SSL but can also speak non-SSL -// -class SSLIOStreamDevice : public iostreams::device { -public: - SSLIOStreamDevice(SSLStream &streamIn, bool fUseSSLIn) : stream(streamIn) - { - fUseSSL = fUseSSLIn; - fNeedHandshake = fUseSSLIn; - } - - void handshake(ssl::stream_base::handshake_type role) - { - if (!fNeedHandshake) return; - fNeedHandshake = false; - stream.handshake(role); - } - std::streamsize read(char* s, std::streamsize n) - { - handshake(ssl::stream_base::server); // HTTPS servers read first - if (fUseSSL) return stream.read_some(asio::buffer(s, n)); - return stream.next_layer().read_some(asio::buffer(s, n)); - } - std::streamsize write(const char* s, std::streamsize n) - { - handshake(ssl::stream_base::client); // HTTPS clients write first - if (fUseSSL) return asio::write(stream, asio::buffer(s, n)); - return asio::write(stream.next_layer(), asio::buffer(s, n)); - } - bool connect(const std::string& server, const std::string& port) - { - ip::tcp::resolver resolver(stream.get_io_service()); - ip::tcp::resolver::query query(server.c_str(), port.c_str()); - ip::tcp::resolver::iterator endpoint_iterator = resolver.resolve(query); - ip::tcp::resolver::iterator end; - boost::system::error_code error = asio::error::host_not_found; - while (error && endpoint_iterator != end) - { - stream.lowest_layer().close(); - stream.lowest_layer().connect(*endpoint_iterator++, error); - } - if (error) - return false; - return true; - } - -private: - bool fNeedHandshake; - bool fUseSSL; - SSLStream& stream; -}; -#endif - void ThreadRPCServer(void* parg) { IMPLEMENT_RANDOMIZE_STACK(ThreadRPCServer(parg)); @@ -9319,7 +9259,6 @@ return; } - bool fUseSSL = GetBoolArg("-rpcssl"); asio::ip::address bindAddress = mapArgs.count("-rpcallowip") ? asio::ip::address_v4::any() : asio::ip::address_v4::loopback(); asio::io_service io_service; 
@@ -9328,47 +9267,14 @@ acceptor.set_option(boost::asio::ip::tcp::acceptor::reuse_address(true)); -#ifdef USE_SSL - ssl::context context(io_service, ssl::context::sslv23); - if (fUseSSL) - { - context.set_options(ssl::context::no_sslv2); - filesystem::path certfile = GetArg("-rpcsslcertificatechainfile", "server.cert"); - if (!certfile.is_complete()) certfile = filesystem::path(GetDataDir()) / certfile; - if (filesystem::exists(certfile)) context.use_certificate_chain_file(certfile.string().c_str()); - else printf("ThreadRPCServer ERROR: missing server certificate file %s\n", certfile.string().c_str()); - filesystem::path pkfile = GetArg("-rpcsslprivatekeyfile", "server.pem"); - if (!pkfile.is_complete()) pkfile = filesystem::path(GetDataDir()) / pkfile; - if (filesystem::exists(pkfile)) context.use_private_key_file(pkfile.string().c_str(), ssl::context::pem); - else printf("ThreadRPCServer ERROR: missing server private key file %s\n", pkfile.string().c_str()); - - string ciphers = GetArg("-rpcsslciphers", - "TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH"); - SSL_CTX_set_cipher_list(context.impl(), ciphers.c_str()); - } -#else - if (fUseSSL) - throw runtime_error("-rpcssl=1, but bitcoin compiled without full openssl libraries."); -#endif - loop { // Accept connection -#ifdef USE_SSL - SSLStream sslStream(io_service, context); - SSLIOStreamDevice d(sslStream, fUseSSL); - iostreams::stream stream(d); -#else ip::tcp::iostream stream; -#endif ip::tcp::endpoint peer; vnThreadsRunning[4]--; -#ifdef USE_SSL - acceptor.accept(sslStream.lowest_layer(), peer); -#else acceptor.accept(*stream.rdbuf(), peer); -#endif vnThreadsRunning[4]++; if (fShutdown) return; 
@@ -9376,9 +9282,10 @@ // Restrict callers by IP if (!ClientAllowed(peer.address().to_string())) { + // snipsnipsnip // Only send a 403 if we're not using SSL to prevent a DoS during the SSL handshake. - if (!fUseSSL) - stream << HTTPReply(403, "") << std::flush; + //if (!fUseSSL) + stream << HTTPReply(403, "") << std::flush; continue; } @@ -9494,25 +9401,9 @@ GetConfigFile().c_str())); // Connect to localhost - bool fUseSSL = GetBoolArg("-rpcssl"); -#ifdef USE_SSL - asio::io_service io_service; - ssl::context context(io_service, ssl::context::sslv23); - context.set_options(ssl::context::no_sslv2); - SSLStream sslStream(io_service, context); - SSLIOStreamDevice d(sslStream, fUseSSL); - iostreams::stream stream(d); - if (!d.connect(GetArg("-rpcconnect", "127.0.0.1"), GetArg("-rpcport", "8332"))) - throw runtime_error("couldn't connect to server"); -#else - if (fUseSSL) - throw runtime_error("-rpcssl=1, but bitcoin compiled without full openssl libraries."); - ip::tcp::iostream stream(GetArg("-rpcconnect", "127.0.0.1"), GetArg("-rpcport", "8332")); if (stream.fail()) throw runtime_error("couldn't connect to server"); -#endif - // HTTP basic authentication string strUserPass64 = EncodeBase64(mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"]); @@ -21425,7 +21316,7 @@ #endif ############################################################################## -4150 @ ./bitcoin/src/makefile.unix +4102 @ ./bitcoin/src/makefile.unix ############################################################################## # Copyright (c) 2009-2010 Satoshi Nakamoto # Distributed under the MIT/X11 software license, see the accompanying @@ -21458,10 +21349,6 @@ -l ssl \ -l crypto -ifneq (${USE_SSL}, 0) - DEFS += -DUSE_SSL -endif - LIBS+= \ -Wl,-B$(LMODE2) \ -l z \ 
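Review bot: With `if (!fUseSSL)` commented out here, and the `-rpcssl` reads and `throw runtime_error(...)` guards deleted in the hunks at -9319, -9328 and -9494, a configuration that still sets `rpcssl=1` appears to be ignored without any error, so the RPC exchange, including the HTTP basic-auth header built from `-rpcuser` and `-rpcpassword`, travels over plain TCP. The removed `#else` branches used to fail closed with "-rpcssl=1, but bitcoin compiled without full openssl libraries."; I would keep that behaviour on both the server and the client path, for example `if (GetBoolArg("-rpcssl")) throw runtime_error("-rpcssl is no longer supported; JSON-RPC is plaintext only");`. In this hunk itself, delete the `// snipsnipsnip` marker, the stale SSL-handshake comment and the dead `//if (!fUseSSL)` line instead of leaving them next to the now-unconditional 403 reply, and replace them with `// RPC is plaintext only: always answer a disallowed peer with 403.`. The enclosing accept loop starts and ends outside the hunk.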
@@ -21649,7 +21536,7 @@ } ############################################################################## -17101 @ ./bitcoin/src/init.cpp +16463 @ ./bitcoin/src/init.cpp ############################################################################## // Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2012 The Bitcoin developers @@ -21860,15 +21747,6 @@ " -keypool= \t " + _("Set key pool size to (default: 100)\n") + " -rescan \t " + _("Rescan the block chain for missing wallet transactions\n"); -#ifdef USE_SSL - strUsage += string() + - _("\nSSL options: (see the Bitcoin Wiki for SSL setup instructions)\n") + - " -rpcssl \t " + _("Use OpenSSL (https) for JSON-RPC connections\n") + - " -rpcsslcertificatechainfile=\t " + _("Server certificate file (default: server.cert)\n") + - " -rpcsslprivatekeyfile= \t " + _("Server private key (default: server.pem)\n") + - " -rpcsslciphers= \t " + _("Acceptable ciphers (default: TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH)\n"); -#endif - strUsage += string() + " -? \t\t " + _("This help message\n");